Bazaar2 Monthly Report - February 2017

Now that a lot of the work we have done over the past year is solidifying, we have started to do a lot more to promote it. To that end, there will be lots of activity at conferences around the world, as of February:

Peter represented F-Droid at FOSDEM in Brussels

Hans at Android Security Symposium in Vienna

Hans at RightsCon: “Internet Freedom App Store: we require alternatives to the two gatekeepers”

Turns out that some Cubans have been using F-Droid for a couple of years now, according to someone who came to us in public forums with some technical questions. They have been running F-Droid repos on the local Cuban nets since 2014! The main app store is currently up to 12,000 APKs that have been gathered from people and the weekly packet. They pointed to this article about the first setup. Unfortunately, it does not mention F-Droid by name: http://www.escambray.cu/2015/wifi-fuera-de-zona/

We made progress on lots of little details over the past month, and some bigger, long-running efforts. First and foremost, we now have an entire build infrastructure based on KVM that can run within a KVM guest (aka “nested KVM”). This setup is now running once a day on https://jenkins.debian.net. This will be the basis of our weekly rebuilds of the entire f-droid.org collection of apps to provide the feedback for working towards reproducible builds for as many apps as possible. Running the whole process from the very beginning each week gives us continuous integration testing for our whole build infrastructure.

We started working with libscout to detect library versions in apps. This will allow us to work with CVEs and other data sources for marking known vulnerabilities in libraries. This data is then included in app index metadata, which F-Droid can then use on the device to highlight vulnerable apps and prompt the user to update or uninstall.

We worked with a Cuban user group to fix the issues that arose from building an F-Droid app repository from 12,000 APK files.

We got our bug fixes integrated into the Debian packages needed to run the build infrastructure.

The F-Droid Privileged Extension is now shipping with CopperheadOS and Replicant, so those devices no longer need to turn on “Unknown Sources” in order to use F-Droid. This also provides fully automatic background updates. Next steps are to get the Privileged Extension integrated into more devices and ROMs, and to make it easy for all the custom Android ROM developers to properly integrate F-Droid into their projects.

We have been working on wrapping up the designs for the improvements in the UX and UI that we are making after the first round of user tests. We will be doing another round of user tests in late March, this time with alpha releases of the real app, to confirm the design and find any last glaring issues. In addition to the feedback from user tests, we have also received lots of great, unsolicited feedback from the F-Droid community via our issue tracker. While it was extra effort for us to have the design discussions on a public forum, it has paid off due to the quality of the discussions that we had there, including detailed reviews based on the Material Design Guidelines and ideas for handling some of the tricky design problems. This thread is a great example: https://gitlab.com/fdroid/fdroidclient/issues/709

I’ve outlined the areas that we’d like to gain feedback on in the next round of tests. The primary UX flows we want feedback on include: users’ ability to update apps, the offline experience, and the experience of searching within a category. We also are looking for feedback on users’ comprehension of the new menu icons, how much they trust F-Droid, and how likely they are to donate to developers.

We finalized the design of update libraries in conjunction with the Tibetan partner organization, and signed a contract for it to be implemented by Mark Murphy aka @commonsguy. These two libraries work together to provide alternate paths to app updates:

The developer survey was completed and translated into Spanish, Chinese, Farsi, and Russian. It is now available at https://challenges.tech/. Seamus started the testing and promotion of the survey with the aim of kicking it off at Internet Freedom Festival in Valencia.